Distributed LogPoint

The Distributed LogPoint setup connects multiple LogPoint machines to segregate search and indexing. You can collect, index, and store logs in multiple LogPoint machines and search through them from a single main LogPoint, the Search Head. You can also monitor, configure, and analyze the logs on the connected devices.

The following scenario demonstrates the workflow in a distributed setup using two LogPoint machines, LP1 and LP2, with varying privileges:

In LP1, you can add LP2 as a distributed LogPoint if you have the permission to access the logs on LP2. The users in LP1 can then search and create dashboards, alerts, and reports using the logs from the repos in either machine. In this case, users in LP2 cannot view the logs in LP1 unless LP1 is also added as a distributed LogPoint of LP2.

You can switch between multiple LogPoint machines using the DLP Selector in the top-right corner of the title bar.


Distributed LogPoint Selector


The DLP Selector is only visible in the Settings page.


Four DLPs with a single search head

The figure demonstrates a distributed setup with four LogPoint machines. Here, LP2, LP3, and LP4 are added as Distributed LogPoints for LP1. The logs from LP2, LP3, and LP4 are then accessible at LP1.


  • You can configure two or more LogPoint machines as Distributed LogPoints of each other. The logs are then accessible both ways.

  • The name of each LogPoint must be unique in a distributed setup. You can change the name of a LogPoint from System Settings >> General.

The Distributed LogPoint guide helps you to understand and perform the following tasks:

Adding and Configuring

  • Enable connections between your LogPoint and remote LogPoints. Refer to Enabling Open Door.

  • Add a remote LogPoint to the distributed setup. Refer to Adding Remote LogPoints.

  • Add a Syslog Forwarder to the distributed setup. Refer to Adding a Syslog Forwarder.

  • Configure LogPoint as a Distributed Collector. Refer to Configuring Distributed Collectors.

  • Add targets to forward the Raw Syslog messages. Refer to Adding a Target.

  • Add devices to collect the Raw Syslog messages. Refer to Adding Devices.

  • Configure remote targets to view the logs. Refer to Viewing Logs in Remote Target.

Editing and Managing

  • Update the information about the Distributed LogPoints. Refer to Editing a Distributed Logpoint.

  • Import/Export data of the Syslog Forwarder. Refer to Downloading the Data.

  • Manage the settings before using the distributed collectors. Refer to Using Distributed Collectors.

  • Update the information on the Remote Target panel. Refer to Editing a Target.

  • Update the device information. Refer to Editing Devices.

  • Review feature accessibility in the Distributed LogPoint setup. Refer to DLP Accessibility.


